Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@financial-times/o-tracking
Advanced tools
Include in your product to send tracking requests to the Spoor API.
Check out how to include Origami components in your project to get started with o-tracking
.
o-tracking does not work without JavaScript but, you can still send basic tracking requests to the Spoor API by setting a css background image url which points to the Spoor tracking pixel endpoint (https://spoor-api.ft.com/px.gif
). Click events and other interactive events will not be tracked without JavaScript but basic page view events can be tracked.
The Spoor tracking pixel endpoint takes a data
query parameter which is a url-encoded JSON string that represents the data to track in Spoor.
<div class="o-tracking o--if-no-js" data-o-component="o-tracking">
<div style="background: url('https://spoor-api.ft.com/px.gif?data=YOUR_URL_ENCODED_JSON_DATA_HERE');"></div>
</div>
For example, if you have the following data you want to track in Spoor:
Recommendation: Using a different system.source
value from the one used in o-tracking JavaScript mode will help your project be able to more easily group the data for those users without JavaScript. The example below uses the source o-tracking-fallback
.
{
"category": "page",
"action": "view",
"system": {
"source": "o-tracking-fallback",
},
"context": {
"product": "ft.com",
"content": {
"asset_type": "page"
}
}
}
Here is the corresponding tracking pixel setup:
<div class="o-tracking o--if-no-js" data-o-component="o-tracking">
<div style="background: url('https://spoor-api.ft.com/px.gif?data=%7B%22category%22:%22page%22,%20%22action%22:%22view%22,%20%22system%22:%7B%22apiKey%22:%22qUb9maKfKbtpRsdp0p2J7uWxRPGJEP%22,%22source%22:%22o-tracking%22,%22version%22:%221.0.0%22%7D,%22context%22:%7B%22product%22:%22ft.com%22,%22content%22:%7B%22asset_type%22:%22page%22%7D%7D%7D');"></div>
</div>
o-tracking has a development/test mode which will mark the events as test events, and also write to the console extra debugging information.
To activate the mode, set test
to true
during the intialisation of o-tracking
like so:
import oTracking from 'o-tracking';
const config = {
test: true, // Mark the events as test events and turn on extra debug logging.
...
};
oTracking.init(config);
To manually instantiate o-tracking
, import the component and call the init
method with configuration which is specific to your product:
import oTracking from 'o-tracking';
const config = {
context: {
// This value is used as a way to identify the high-level product, for example: ft.com, FT app, biz-ops etc.
product: 'o-tracking-example',
}
};
oTracking.init(config);
To track a page view for the product you call the oTracking.page
method.
Page events automatically track the url and the referrer.
Please refer to the event document for information about all the possible properties which can be set.
const pageConfig = {
content: {
/*
Asset type is meant to describe the main purpose of the page
The value can be one of these:
- `story` - A story or article
- `blog` - A blog post
- `front` - A home page or front page
- `ad` - An advert.
- `image` - An image
- `interactive` - An interactive graphic
- `report` - A special report
- `search` - A search results page
- `section` - A section or listing page
- `topic` - A topic landing page
- `video` - A video page
- `login` - Any login/sign-in page
- `stream` - A stream page
- `funnel` - Any funnel page
- `epaper` - all epaper pages
- `rankings` - A rankings page for schools and courses (i.e. on rankings.ft.com). Not the section's hub page
- `markets` - Any market, bond, commoditity, stock, currency 'tearsheet' (usually has "/tearsheet/" in URL)
- `myft` - All MyFT pages
- `account` - All account pages
- `membership` - All membership pages
- `page` - anything else, not above.
*/
asset_type: "story"
}
};
oTracking.page(pageConfig);
Call the oTracking.click.init
method to track click events. Pass the category you would like the click events to have as an argument:
data-o-tracking-skip-queue
to the element to send the data to Spoor immediately.domPathTokens
.data-trackable
attribute set, sibling elements will also be included within the domPathTokens
property.Please refer to the event document for information about all the possible properties which can be set.
// Tracking a click
const category = 'element';
oTracking.click.init(category);
To track when an element has come into view of the user, add the attribute data-o-tracking-view
to the element in the page and then call the oTracking.view.init
method:
data-o-tracking-view
attribute are tracked.selector
option property to a CSS selector.domPathTokens
.category
option property.getContextData
to the options. The function receives as it's single argument the element which triggered the tracking event and needs to return an object with any of these optional properties set:
componentContentId
type
subtype
component
Note: This feature requires window.IntersectionObserver
in order to track the events
Note: getContextData
should be a function which returns {object}
. It accepts the viewed element as an argumentPlease refer to the event document for information about all the possible properties which can be set.
const opts = {
category: 'audio', // default: 'component'
selector: '.o-teaser__audio', // default: '[data-o-tracking-view]'
getContextData: (el) => { // default: null
return {
componentContentId: el.getAttribute('data-id'),
type: 'audio',
subtype: 'podcast',
component: 'teaser'
};
}
};
oTracking.view.init(opts);
To track a custom event call the oTracking.event
method. For example to track that a video is played:
const eventConfig = {
"category": "video", // optional
"action": "play", // optional
};
oTracking.event(eventConfig);
The event
method also accepts an optional callback which is run after the event has been processed.
const eventConfig = {
"category": "video", // optional
"action": "play", // optional
};
oTracking.event(eventConfig, () => {
console.log('The custom video event has been processed!');
});
Please refer to the event document for information about all the possible properties which can be set.
Instead of calling the page
and event
methods o-tracking
can be configured to capture events based on the custom DOM Events oTracking.page
and oTracking.event
.
Call the oTracking.page.init()
method to listen for oTracking.page
events:
// Tell o-tracking to listen for `oTracking.page` events
oTracking.page.init();
// Now we can send page events and o-tracking will track the data within them.
const pageData = { content: { uuid: 'abc-123', barrier: 'PREMIUM' };
document.body.dispatchEvent(new CustomEvent('oTracking.page', { detail: pageData}, bubbles: true}));
To make o-tracking listen for oTracking.event
events, you call oTracking.event.init()
:
// Tell o-tracking to listen for `oTracking.event` events
oTracking.event.init();
// Now we can send custom events and o-tracking will track the data within them.
const customData = { category: 'video', action: 'play', id: '512346789', pos: '10' };
document.body.dispatchEvent(new CustomEvent('oTracking.event', { detail: customData}, bubbles: true}));
data-trackable
attributesYou can add extra information to o-tracking events by using the data-trackable
and data-trackable-context-*
custom attributes.
data-trackable
o-tracking
will walk up the DOM to get the tree of elements with data-trackable
attributes. For example, clicks to the list-item button below will result in an event that has this path recorded within it - header-menu country-selector china
:-
<div data-trackable="header-menu">
<span>
<div data-trackable="country-selector">
<ul>
<li data-trackable="china"><button>China</button></li>
</ul>
</div>
</span>
</div>
data-trackable-context-*
To add extra context to events you may add custom attributes in the form: data-trackable-context-name="data"
where name
is the name of the extra context and data
is the extra data.
For example, when the below anchor element is clicked, it will add extra event fields article_guid
and article_source
to the data being tracked.
<a href="https://www.ft.com/content/1234-1234-1234-1234"
data-trackable="view-original-article"
data-trackable-context-article_guid="1234-1234-1234-1234"
data-trackable-context-article_source="FINANCIAL TIMES">
Once you have sent data into Spoor, you can view the data via Chartio.
The FT has a Slack channel named #chartio_q_a where anyone can get help with Chartio.
If you have never used Chartio before, you will need to request access via this form.
To sign in to Chartio:
State | Major Version | Last Minor Release | Migration guide |
---|---|---|---|
✨ active | 3 | N/A | migrate to v3 |
⚠ maintained | 2 | 2.0.10 | migrate to v2 |
╳ deprecated | 1 | 1.7.2 | N/A |
If you have any questions or comments about this component, or need help using it, please either raise an issue, visit #origami-support or email Origami Support.
This software is published by the Financial Times under the MIT licence.
FAQs
Provides tracking for a product. Tracking requests are sent to the Spoor API.
The npm package @financial-times/o-tracking receives a total of 773 weekly downloads. As such, @financial-times/o-tracking popularity was classified as not popular.
We found that @financial-times/o-tracking demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.